5.4
CVE-2022-22116
- EPSS 0.21%
- Published 10.01.2022 16:15:10
- Last modified 21.11.2024 06:46:12
- Source vulnerabilitylab@mend.io
In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to stored Cross-Site Scripting (XSS) via SVG file upload in the media upload functionality. A low-privileged attacker can inject arbitrary JavaScript code, which will be executed in a victim's browser when they open the image URL.
Data provided by the National Vulnerability Database (NVD)
Rangerstudio ≫ Directus Version >= 9.0.1 <= 9.4.1
Rangerstudio ≫ Directus Version 9.0.0 Update -
Rangerstudio ≫ Directus Version 9.0.0 Update alpha4 to alpha27, alpha31 to alpha42
Rangerstudio ≫ Directus Version 9.0.0 Update beta0 to beta5, beta7 to beta14
Rangerstudio ≫ Directus Version 9.0.0 Update rc0 to rc15, rc17 to rc101
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.43 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| vulnerabilitylab@mend.io | 5.4 | 2.3 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.